Re: IPS protection

Ideally you'd want to take into account the current load (CPU, RAM, Disk IO, throughput and types of traffic) and other enabled blades you have on your security gateways before turning on some of the more higher impact protections. With this in mind, the R80.10 Threat Prevention Guide ( https://downloads.checkpoint.com/dc/download.htm?ID=54828 ) has some text on those two metrics.

Confidence LevelSome attack types are less severe than others, and legitimate traffic may sometimes be mistakenly recognized as a threat. The confidence level value shows how well the specified protection can correctly recognize the specified attack.The Confidence parameter can help you troubleshoot connectivity issues with the firewall. If legitimate traffic is blocked by a protection, and the protection has a Confidence level of Low, you have a good indication that more granular configurations might be required on this protection.

Performance ImpactSome protections require the use of more resources or apply to common types of traffic, which adversely affects the performance of the gateways on which they are activated.Note -The Performance Impact of protections is rated based on how they affect gateways of this version which run SecurePlatform and Windows operating systems. The Performance Impact on other gateways may be different than the rating listed on the protection.For example, you might want to make sure that protections that have a Critical or High Performance Impact are not activated unless they have a Critical or High Severity, or you know the protection is necessary.If your gateways experience heavy traffic load, be careful about activating High/Critical Performance Impact protections on profiles that affect a large number of mixed (client and server) computers.Use the value of this parameter to set an optimal protection profile, in order to prevent overload on the gateway resources.